﻿using IdentityModel;
using IdentityServer4;
using IdentityServer4.Models;

namespace Ids4.Api.Application.SeedData
{
    public class Config
    {
        // scopes define the resources in your system
        public static IEnumerable<IdentityResource> GetIdentityResources()
        {
            return new List<IdentityResource>
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile(){
                    UserClaims={"role","username"}
                },
            };
        }
        public static IEnumerable<ApiScope> GetApiScopes()
        {
            return new List<ApiScope>
                {
                    new ApiScope(name: "IdentityServer.API",   displayName: "IdentityServer Manager"),

                };
        }
        public static IEnumerable<ApiResource> GetApiResources()
        {
            return new List<ApiResource>
            {
                new ApiResource("IdentityServer", "IdentityServerAPI",new List<string>{ JwtClaimTypes.Role })
                {
                    Scopes={ "IdentityServer.API" }
                }
            };
        }

        // clients want to access resources (aka scopes)
        public static IEnumerable<Client> GetClients()
        {
            // client credentials client
            return new List<Client>
            {
                new Client
                {
                    ClientId = "clientCredentials",
                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    RequireConsent = true,
                    ClientSecrets =
                    {
                        new Secret("clientCredentials".Sha256())
                    },
                    AllowedScopes = { "IdentityServer.API" }
                },
                // resource owner password grant client
                new Client
                {
                    ClientId = "password",
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    RequireConsent = true,
                    ClientSecrets =
                    {
                        new Secret("password".Sha256())
                    },
                    AllowedScopes = { "IdentityServer.API" }
                },
                // code client
                new Client
                {
                    ClientId = "code",
                    ClientName = "code",
                    ClientSecrets = { new Secret("secret".Sha256()) },
                    RedirectUris = new[] {
                        "http://localhost:5001/swagger/oauth2-redirect.html", // Kestrel
                    },
                    RequireConsent = true,
                    AllowedGrantTypes = GrantTypes.Code,
                    RequirePkce = false,
                    AllowedScopes = new[] {
                         IdentityServerConstants.StandardScopes.OpenId,
                         IdentityServerConstants.StandardScopes.Profile,
                         "IdentityServer.API"
                    },
                },
                 // js后台管理客户端
                new Client
                {
                    ClientId = "implicit",
                    ClientName = "implicit",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,
                    Description="js后台管理客户端",
                    RequireConsent = true,
                    RedirectUris = {
                        "http://localhost:8082/oidc-callback",
                        "http://localhost:8082/silent-renew.html",
                         "http://localhost:5001/swagger/oauth2-redirect.html",//swagger oauth2
                        "http://10.53.28.168:8082/oidc-callback",
                        "http://10.53.28.168:8082/silent-renew.html"
                    },
                    PostLogoutRedirectUris = { "http://localhost:8082" },
                    AllowOfflineAccess=true,
                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        "IdentityServer.API"
                    }
                },
                // OpenID Connect hybrid flow and client credentials client (MVC)
                new Client
                {
                    ClientId = "hybrid",
                    ClientName = "hybrid",
                    AllowedGrantTypes = GrantTypes.Hybrid,
                    ClientSecrets =
                    {
                        new Secret("secret".Sha256())
                    },
                    RedirectUris = { "http://localhost:5001/swagger/oauth2-redirect.html" },
                    PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        "IdentityServer.API"
                    },
                    AllowAccessTokensViaBrowser = true,
                    AllowOfflineAccess = true
                }
            };
        }
    }
}
